rules: add runc to known_memfd_execution_binaries #268

Open: ytsssun wants to merge 1 commit into base: main from update-rule-for-runc-memfd-exec


@ytsssun ytsssun commented Jan 22, 2025

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind feature

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area rules

/area registry

/area build

/area documentation

Proposed rule maturity level

Uncomment one (or more) /area <> lines (only for PRs that add or modify rules):

/area maturity-stable

/area maturity-incubating

/area maturity-sandbox

/area maturity-deprecated

What this PR does / why we need it:
This PR extends known_memfd_execution_binaries with runc, since runc 1.1.15 introduced a behavior which uses the memfd approach to execute the runc binary. This PR includes the rule for it so that we don't falsely flag the runc binary.

Which issue(s) this PR fixes:

Fixes #3444

Special notes for your reviewer:
I can use some help confirming the change. I was able to verify the override works, see the proof.

But I would need help verifying that via the first-party rules for Falco.

@poiana poiana added kind/bug Something isn't working dco-signoff: no area/rules area/maturity-sandbox See the Rules Maturity Framework labels Jan 22, 2025
@poiana poiana requested a review from Kaizhe January 22, 2025 22:10

poiana commented Jan 22, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ytsssun
Once this PR has been reviewed and has the lgtm label, please assign loresuso for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana requested a review from loresuso January 22, 2025 22:10

poiana commented Jan 22, 2025

Welcome @ytsssun! It looks like this is your first PR to falcosecurity/rules 🎉

@ytsssun ytsssun force-pushed the update-rule-for-runc-memfd-exec branch from f559f18 to ebccfef Compare January 23, 2025 19:02
Labels
area/maturity-sandbox See the Rules Maturity Framework area/rules dco-signoff: yes kind/bug Something isn't working size/XS